DECISION ON THE SUPERVISION OF PAYMENT SYSTEM FUNCTIONING

Based on Article 2, paragraph 3, item c), Article 7, item b), and Articles 58 and 70 of the Law on the Central Bank of Bosnia and Herzegovina ("Official Gazette of BiH", nos. 1/97, 29/02, 8/03, 13/03, 14/03, 9/05, 76/06, and 32/07), the Governing Board of the Central Bank of Bosnia and Herzegovina, at its 13th session held on September 27 and 29, 2022, and its 14th session held on October 27, 2022, adopts

DECISION ON THE SUPERVISION OF PAYMENT SYSTEM FUNCTIONING

PART ONE – GENERAL PROVISIONS

Article 1. (Subject and Objective) (1) This Decision regulates the supervision of the functioning of payment systems conducted by the Central Bank of Bosnia and Herzegovina (hereinafter: the Central Bank), through the monitoring of payment system functioning and the assessment of compliance of payment systems with the principles applied by the Central Bank. (2) The objective of supervising payment systems is to ensure and improve the safety and efficiency of payment system functioning and the uninterrupted conduct of payment transactions in Bosnia and Herzegovina, thereby supporting financial stability in Bosnia and Herzegovina.

Article 2. (Scope of Supervision) The scope of supervision includes payment systems that the Central Bank supports or establishes and maintains, in accordance with Article 2, paragraph (3), item c) of the Law on the Central Bank of Bosnia and Herzegovina, classified in Article 6 of this Decision.

Article 3. (Supervision of Payment Systems) The Central Bank supervises payment systems through:

• monitoring the functioning of payment systems,
• assessing the compliance of payment systems with the principles for payment system functioning established in Article 7 of this Decision, and
• conducting catalyst activities.

PART TWO – MONITORING OF PAYMENT SYSTEM FUNCTIONING

Article 4. (Monitoring of Payment System Functioning) Monitoring the functioning of a payment system ensures timely information regarding the correct operation of the supervised payment system, with the aim of preserving the stability and efficiency of the supervised payment system.

Article 5. (Activities of Monitoring Payment System Functioning) (1) The Central Bank performs monitoring of payment system functioning by collecting and analyzing statistical data, information, reports, and other documents relating to the functioning of the supervised payment system. (2) Monitoring the functioning of a payment system includes the following activities:

• monitoring of the payment system and analysis,
• risk analysis,
• preparation of statistical data and reports.

PART THREE – CLASSIFICATION OF PAYMENT SYSTEMS AND ASSESSMENT OF COMPLIANCE WITH PAYMENT SYSTEM FUNCTIONING

Article 6. (Classification of Payment Systems) (1) The Central Bank classifies payment systems as:

• Systemically Important Payment System: a payment system whose disruption in operation or in the operation of its participants may cause serious disruptions in the financial system and endanger financial stability;
• Significant Payment System: a payment system that meets the conditions set out in the Decision on the Methodology for Supervision of Payment Systems and whose disruption in operation or disruption in the operation of its participants cannot cause serious disruptions in the financial system, but may lead to a loss of confidence by participants and their clients in that system; or
• Other Payment Systems: a payment system that does not meet the conditions for the classifications listed in items a) and b) of this Article. (2) The Central Bank will adopt a Decision on the Methodology for Supervision of Payment Systems, which will more precisely prescribe the criteria for the classification of payment systems. (3) Based on the classification of the payment system, the appropriate principles for supervising the payment system established in Article 7 of this Decision shall be applied, in accordance with the Decision referred to in paragraph (2) of this Article.

Article 7. (Principles and Regulations for Supervising Payment Systems) (1) The assessment of compliance with the functioning of a payment system implies an evaluation of the compliance of the functioning of a payment system with the principles for payment system functioning applied by the Central Bank, as well as regulations of other relevant international institutions governing the requirements for supervising payment systems. (2) The Central Bank applies the principles and responsibilities defined in the "Principles for Financial Market Infrastructures" adopted by the Committee on Payment and Settlement Systems (CPSS) of the Bank for International Settlements (BIS) and the International Organization of Securities Commissions (IOSCO). (3) The following principles apply to the assessment of compliance with the functioning of payment systems:

• Principle 1 "Legal Basis" – A payment system should have a well-founded, clear, transparent, and enforceable legal basis for each significant aspect of its activities in all relevant areas of jurisdiction;
• Principle 2 "Governance" – A payment system should have governance mechanisms that are clear and transparent, promote the safety and efficiency of the payment system, support the stability of the financial system as a whole, other relevant public interest considerations, and the objectives of relevant stakeholders;
• Principle 3 "Comprehensive Risk Management Framework" – A payment system should have a robust framework for comprehensive management of legal, credit, operational, and other risks;
• Principle 4 "Credit Risk" – A payment system should effectively measure, monitor, and manage credit exposures to participants and those arising from the payment, clearing, and settlement processes. A payment system should hold sufficient financial resources to fully cover its credit exposure to each participant with a high degree of confidence;
• Principle 5 "Collateral" – A payment system that requires collateral to manage its own credit exposure or the credit exposure of its participants should accept collateral with low credit, liquidity, and market risks. The payment system should also establish and appropriately apply conservative haircuts and concentration limits;
• Principle 7 "Liquidity Risk" – A payment system should effectively measure, monitor, and manage its liquidity risk. A payment system should maintain sufficient amounts of liquid funds in all relevant currencies to execute intraday, and, as necessary, daily and multi-day settlements of payment obligations with a high degree of reliability in situations involving various stress scenarios, including, among other things, the emergence of a participant's and its affiliated entities' failure-to-deliver status that would produce the largest total liquidity obligation for the payment system under extreme but plausible market conditions;
• Principle 8 "Finality" – A payment system should provide clear and secure final settlement, at least by the end of the value date. Where necessary or desirable, a payment system should provide settlement on the same day or in real time;
• Principle 9 "Money Settlements" – A payment system should, where practicable and possible, conduct its money settlements in central bank money. If central bank money is not used, the payment system should minimize and strictly control the credit and liquidity risks arising from the use of commercial bank money;
• Principle 12 "Settlement Systems for Payment Obligations" – If a payment system settles transactions involving the settlement of two linked obligations (e.g., securities transactions or foreign exchange transactions), it should eliminate the risk of loss of value of the transaction by making the final settlement of one obligation conditional upon the final settlement of the other obligation;
• Principle 13 "Rules and Procedures for Participant Default" – A payment system should have effective and clearly defined rules and procedures for managing situations in the event of a participant's default. These rules and procedures should ensure that the payment system responds in a timely manner, limits losses and liquidity pressures, and continues to meet its obligations;
• Principle 15 "General Business Risk" – A payment system should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services on a going-concern basis if those losses materialize. Furthermore, liquid net assets should be continuously sufficient for the recovery or orderly liquidation of key operations or services;
• Principle 16 "Custody and Investment Risk" – A payment system should safeguard its assets and the assets of its participants and minimize the risk of loss of assets and delays in access to those assets. Investments by the payment system should be in instruments with minimal credit, market, and liquidity risks;
• Principle 17 "Operational Risk" – A payment system should identify possible internal and external sources of operational risk and reduce their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability, and should have adequate, measurable capacity. Business continuity management should aim for the timely recovery of operations and fulfillment of payment system obligations, also in the event of major and significant disruptions;
• Principle 18 "Access and Participation Criteria" – A payment system should have objective, publicly disclosed participation criteria that should be based on risk assessment and allow for fair and open access;
• Principle 19 "Indirect Participation Arrangements" – A payment system should identify, monitor, and manage material risks to the payment system arising from indirect participation arrangements;
• Principle 21 "Efficiency and Effectiveness" – A payment system should be efficient and effective in meeting the requirements of its participants and the markets it serves;
• Principle 22 "Communication Procedures and Standards" – A payment system should use, or at least adapt to, relevant internationally accepted communication procedures and standards to enable efficient payment, clearing, settlement, and record-keeping;
• Principle 23 "Disclosure of Rules, Key Procedures, and Market Data" – A payment system should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to accurately understand the risks, fees, and other material costs arising from participation in the payment system. All relevant rules and key procedures should be publicly disclosed.

Article 8. (Types of Compliance Assessment According to Principles) The assessment of compliance with the functioning of a payment system may be:

• Partial, when the assessment of compliance with the functioning of a payment system is conducted with one or more applicable principles for payment system functioning from Article 7 of this Decision, or
• Full, when the assessment of compliance with the functioning of a payment system is conducted with all applicable principles for payment system functioning from Article 7 of this Decision.

Article 9. (Method of Conducting Compliance Assessment) The assessment of compliance with the functioning of an individual payment system is conducted:

• Directly – through direct inspection of the operation of the payment system (inspection of documentation and data held by the operator of the supervised system), and
• Indirectly – through monitoring and analysis of information, statistical data, reports, and other documents relating to the functioning of the payment system, which the operator of the payment system provides to the Central Bank upon its request.

Article 10. (Compliance Assessment Activities) The assessment of compliance of payment system operations with standards and principles for payment system functioning conducted by the Central Bank includes the following phases:

• preparation for the assessment of compliance with the functioning of a payment system,
• preparation of a report on the completed assessment of compliance with the functioning of a payment system, and
• evaluation of the level of compliance with the functioning of a payment system.

Article 11. (Preparation for Compliance Assessment of Payment System Functioning) Preparation for the assessment of compliance with the functioning of a payment system includes:

• identification of the payment system to be assessed,
• definition of the type of compliance assessment of the payment system,
• notification of the operator of the payment system regarding the type of compliance assessment and the plan for its implementation,
• submission of a questionnaire to the operator of the payment system, for the collection of information and other documents relating to the functioning of that payment system, with the determination of a deadline for providing answers to the questionnaire.

Article 12. (Fulfillment of Requirements for Inspection of Payment System Functioning) The operator of the payment system subject to supervision is obliged to provide all requested data and documentation to the Central Bank within the deadline determined by the Central Bank in the request.

Article 13. (Notification of the Payment System Operator Regarding Direct Inspection) (1) The Central Bank notifies the operator of the payment system of the planned direct inspection of the operation of the payment system 20 working days before the start of the implementation of this type of assessment. (2) Exceptionally from paragraph (1) of this Article, if the Central Bank, based on an inspection of reports, information, or other documents provided to it for inspection, assesses that there are irregularities in the operation of the payment system that may be significant for the safety and stability of the functioning of the financial system, the Central Bank may initiate a direct inspection of the operation of that payment system without prior notice.

Article 14. (Conducting Direct Inspection) The operator of the payment system is obliged to enable the Central Bank to have full access to the documentation and functioning of the information technology of the payment system and, upon the request of the Central Bank, to provide copies of specific documentation in paper and/or electronic form.

Article 15. (Report on the Completed Compliance Assessment of Payment System Functioning) (1) After the completed assessment of compliance with the functioning of a payment system, the Central Bank prepares a report on the completed assessment of compliance with the functioning of a payment system, which contains:

• a brief description of the payment system being assessed (type of system, number of system participants, basic statistical data regarding the functioning of the payment system, and other relevant information),
• the type and method of conducting the completed assessment of compliance with the functioning of a payment system,
• sources of information used for the assessment,
• evaluation of the level of compliance with the functioning of a payment system in accordance with Article 17 of this Decision,
• description of any irregularities/deviations from the principles established in Article 7 of this Decision, and
• recommendations that the operator of the payment system should consider and implement, depending on the evaluation of the level of compliance for each individual principle with which compliance was assessed, i.e., the completed assessment. (2) The report on the completed assessment of compliance with the functioning of a payment system cannot be published in whole or in part without the consent of the Central Bank.

Article 16. (Alignment of the Report on the Completed Compliance Assessment of Payment System Functioning) (1) The operator of the payment system may submit comments to the Central Bank on the report on the completed assessment of compliance with the functioning of a payment system within ten working days from the date of its receipt. (2) The Central Bank may directly verify the claims of the operator of the payment system contained in the comments on the report on the completed assessment of compliance with the functioning of a payment system and, if it deems it necessary, prepare an addendum to the report to which the operator of the payment system may submit comments within five working days from the date of its receipt. (3) The Central Bank, within ten days from the receipt of comments on the report, or comments on the addendum to the report on the completed assessment of compliance with the functioning of a payment system, considers the received comments and notifies the operator of the payment system in writing regarding the acceptance or non-acceptance of the comments and prepares the final report on the completed assessment of compliance with the functioning of a payment system, which it delivers to the operator of the payment system whose assessment was conducted. (4) For the purpose of ensuring transparency, the Central Bank publishes the report from paragraph (3) of this Article on its website or in another manner determined by the Central Bank as applicable. (5) In the performance of supervision of the functioning of a payment system, the Central Bank ensures the confidentiality of certain data, information, and other documents relating to the functioning of payment systems and uses them only for the purpose of performing activities encompassed by the supervision of those systems.

Article 17. (Evaluation of the Level of Compliance of a Payment System) (1) After the completed assessment of compliance with the functioning of a payment system, the Central Bank provides an evaluation of the level of compliance with the functioning of a payment system with each principle from Article 7 of this Decision, as follows:

• Compliant: the system is fully compliant with a particular principle for payment system functioning;
• Largely Compliant: the system is largely compliant with a particular principle for payment system functioning, but minor irregularities have been observed that do not have a significant impact on the safety and/or efficiency of the payment system;
• Partially Compliant: there are significant irregularities and/or risks that affect the safety and/or efficiency of the payment system, but the system operator has the capacity to eliminate them in a short period of time; or
• Non-Compliant: the system is not compliant with a particular principle for payment system functioning at all. (2) If a particular principle for payment system functioning is not applicable to the payment system subject to assessment due to specific legal, institutional, structural, and/or other characteristics of the payment system, the Central Bank evaluates it as "Not Applicable".

Article 18. (Initiation of Payment System Alignment Activities) (1) After the delivery of the final Report on the Completed Assessment of Compliance with the Functioning of a Payment System, the Central Bank consults with the operator of the payment system regarding the plan of activities and deadlines for the implementation of the given recommendations. (2) The Central Bank monitors activities on the implementation of recommendations from the Report on the Completed Assessment of Compliance with the Functioning of a Payment System based on information and documentation regarding their implementation, which is provided by the operator of the payment system.

PART FOUR – DEVELOPMENTAL FUNCTION

Article 19. (Catalyst Activities) The Central Bank actively participates in preparatory activities and implementation phases of activities relating to innovations in payment systems and analyzes their impact on the economy of Bosnia and Herzegovina, as well as their impact on the goals of public policy for safe and efficient payment systems.

PART FIVE – COOPERATION IN THE FIELD OF SUPERVISION OF PAYMENT SYSTEMS

Article 20. (Cooperation with Other Institutions) For the purpose of the functioning of the supervision of payment systems, the Central Bank cooperates with other relevant institutions in Bosnia and Herzegovina and at the international level.

PART SIX – TRANSITIONAL AND FINAL PROVISIONS

Article 21. (Other Acts for Supervising Payment Systems) For the purpose of ensuring the functioning of the supervision of payment systems, the Governing Board of the Central Bank will adopt the Decision on the Methodology for Supervision of the Functioning of Payment Systems and other acts regulating the activities of the Central Bank in the field of supervision of payment systems.

Article 22. (Final Provisions) (1) This Decision enters into force on the eighth day from the date of publication in the "Official Gazette of BiH", and shall be applied from January 1, 2023. (2) This Decision will also be published in the "Official Gazette of the Federation of BiH", the "Official Gazette of the Republika Srpska", and the "Official Gazette of the Brčko District of BiH".

Chairman of the Governing Board of the Central Bank of Bosnia and Herzegovina No.: UV-122-01-1-1909-9/22 Sarajevo, October 27, 2022

GOVERNOR dr. Senad Softić